I migrated to the new permissions model today, and I’m experiencing permissions issues with the required scopes. Below are my scopes that were generated for me after migration:
const scopes: string[] = [
"api:use-ontologies-read",
"api:use-ontologies-write",
"api:use-admin-read",
"api:use-connectivity-read",
"api:use-connectivity-execute",
"api:use-orchestration-read",
"api:use-mediasets-read",
"api:use-mediasets-write",
]
I am attempting to invoke the following action:
const apiResults = await fetch(`${client.url}/api/v2/ontologies/${client.ontologyRid}/actions/collect-telemetry/apply`, {
method: 'POST',
headers,
body,
});
But I keep getting this error:
'{
"errorCode": "PERMISSION_DENIED",
"errorName": "ApiUsageDenied",
"errorInstanceId": "752d07a9-67c2-414b-8723-585231dec27d",
"parameters": {
"missingScope": "api:usage:ontologies-write"
}
}'
Weirdly, the required scope uses usage instead of usage. Adding this scope does not resolve the error. I did upgrade my deps as follows:
"@osdk/client": "^2.2.1",
"@osdk/foundry.admin": "^2.20.0",
"@osdk/oauth": "^1.1.2",
Screenshots of permissions checks and settings are attached.
Are you directly using fetch to call the endpoint instead of using the OSDK? Also, where are you passing in the scopes field? Is this in the OSDK client?
Yes, using fetch directly. Full code for the client below:
import { createClient } from "@osdk/client";
import { User, Users } from "@osdk/foundry.admin";
import { createConfidentialOauthClient } from "@osdk/oauth";
import { FoundryClient } from '@xreason/types'
export function createFoundryClient(): FoundryClient {
// log ENV vars
console.log('Environment variable keys:');
Object.keys(process.env).forEach(key => {
if (key.indexOf('FOUNDRY') >= 0 || key.indexOf('OSDK') >= 0) {
console.log(`- ${key}`);
}
});
if (!process.env.OSDK_CLIENT_ID || !process.env.OSDK_CLIENT_SECRET) {
throw new Error('missing required env vars');
}
// setup the OSDK
const clientId: string = process.env.OSDK_CLIENT_ID;
const url: string = process.env.FOUNDRY_STACK_URL;
const ontologyRid: string = process.env.ONTOLOGY_RID;
const clientSecret: string = process.env.OSDK_CLIENT_SECRET;
const scopes: string[] = [
"api:use-ontologies-read",
"api:use-ontologies-write",
"api:use-admin-read",
"api:use-connectivity-read",
"api:use-connectivity-execute",
"api:use-orchestration-read",
"api:use-mediasets-read",
"api:use-mediasets-write",
]
const auth = createConfidentialOauthClient(clientId, clientSecret, url, scopes);
const client = createClient(url, ontologyRid, auth);
const getUser = async () => {
const user: User = await Users.getCurrent(client);
return user;
};
return { auth, ontologyRid, url, client, getUser };
}
I also get the same error when executing a cURL request:
curl -X POST "https://<url>/api/v2/ontologies/<rid>/actions/collect-telemetry/apply" \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
--data-raw '{
"parameters": {
"inputJSON": "{\\"resource\\":{\\"resource_id\\":\\"e6bd2b27-1d3d-4121-af69-e4dad3ff74f2\\",\\"service_name\\":\\"vickie\\",\\"service_instance_id\\":\\"production\\",\\"telemetry_sdk_name\\":\\"xreason-functions\\",\\"telemetry_sdk_version\\":\\"7.0.2\\",\\"host_hostname\\":\\"<url>\\",\\"host_architecture\\":\\"prod\\"},\\"spans\\":[{\\"trace_id\\":\\"50540ec54086208ba8d6791f40612b6f\\",\\"span_id\\":\\"6e3d6426a28145a3\\",\\"name\\":\\"createTaskList\\",\\"start_time\\":\\"2025-06-20T17:48:29.047Z\\",\\"end_time\\":\\"2025-06-20T17:48:32.722Z\\",\\"traceparent\\":\\"00-50540ec54086208ba8d6791f40612b6f-6e3d6426a28145a3-01\\",\\"trace_flags\\":1,\\"kind\\":\\"Server\\",\\"status_code\\":\\"ERROR\\",\\"status_message\\":\\"An error occurred while calling read RfpRequest errorInstanceId: a73bd612-900e-4ca6-98dd-1c5514128d9b errorCode: INVALID_ARGUMENT\\",\\"sampling_decision\\":\\"RECORD_AND_SAMPLE\\",\\"sampling_rate\\":1,\\"attributes\\":\\"{\\\\\\"endpoint\\\\\\":\\\\\\"/api/v2/ontologies/ontology-c0c8a326-cd0a-4f69-a575-b0399c04b74d/queries/createTaskList/execute\\\\\\"}\\"}],\\"events\\":[],\\"links\\":[]}"
},
"options": {
"returnEdits": "ALL"
}
}'
This issue is resolved. In my case I have a mini-mono repo setup that does not support a single top level package JSON. After updating all dependent projects everything is working as intended.
system
July 4, 2025, 5:59pm
6
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
